From 5ecd682797d2744d4a03c82ee5907db6766bcff1 Mon Sep 17 00:00:00 2001
From: Juergen Repp <juergen.repp@sit.fraunhofer.de>
Date: Tue, 12 Oct 2021 11:19:41 +0200
Subject: [PATCH 06/23] FAPI: Add policy computation for create primary.
The policy digest for primary keys was only computed for keys created during provisioning.
Now the policy digest is also computed for primary keys created with Fapi_CreateKey.
Fixes #2175.
Signed-off-by: Juergen Repp <juergen.repp@sit.fraunhofer.de>
---
src/tss2-fapi/fapi_int.h | 1 +
src/tss2-fapi/fapi_util.c | 29 +++++++++++++++++++++++++++++
2 files changed, 30 insertions(+)
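diff --git a/src/tss2-fapi/fapi_int.h b/src/tss2-fapi/fapi_int.h
index 13c0333e..d13ec413 100644
--- a/src/tss2-fapi/fapi_int.h
+++ b/src/tss2-fapi/fapi_int.h
@@ -341,6 +341,7 @@ enum IFAPI_KEY_CREATE_STATE {
 KEY_CREATE_FLUSH1,
 KEY_CREATE_FLUSH2,
 KEY_CREATE_CALCULATE_POLICY,
+ KEY_CREATE_PRIMARY_CALCULATE_POLICY,
 KEY_CREATE_WAIT_FOR_AUTHORIZATION,
 KEY_CREATE_CLEANUP,
 KEY_CREATE_WAIT_FOR_RANDOM,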
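diff --git a/src/tss2-fapi/fapi_util.c b/src/tss2-fapi/fapi_util.c
index a5fc28a3..a0fd714e 100644
--- a/src/tss2-fapi/fapi_util.c
+++ b/src/tss2-fapi/fapi_util.c
@@ -4539,6 +4539,35 @@ ifapi_create_primary(
 "hierarchy.", error_cleanup);
 }
 
+ if (context->cmd.Key_Create.policyPath
+ && strcmp(context->cmd.Key_Create.policyPath, "") != 0)
+ context->cmd.Key_Create.state = KEY_CREATE_PRIMARY_CALCULATE_POLICY;
+ /* else jump over to KEY_CREATE_PRIMARY_WAIT_FOR_SESSION below */
+ /* FALLTHRU */
+ case KEY_CREATE_PRIMARY_CALCULATE_POLICY:
+ if (context->cmd.Key_Create.state == KEY_CREATE_PRIMARY_CALCULATE_POLICY) {
+ r = ifapi_calculate_tree(context, context->cmd.Key_Create.policyPath,
+ &context->policy.policy,
+ context->cmd.Key_Create.public_templ.public.publicArea.nameAlg,
+ &context->policy.digest_idx,
+ &context->policy.hash_size);
+ return_try_again(r);
+ goto_if_error2(r, "Calculate policy tree %s", error_cleanup,
+ context->cmd.Key_Create.policyPath);
+
+ /* Store the calculated policy in the key object */
+ object->policy = calloc(1, sizeof(TPMS_POLICY));
+ return_if_null(object->policy, "Out of memory",
+ TSS2_FAPI_RC_MEMORY);
+ *(object->policy) = context->policy.policy;
+
+ context->cmd.Key_Create.public_templ.public.publicArea.authPolicy.size =
+ context->policy.hash_size;
+ memcpy(&context->cmd.Key_Create.public_templ.public.publicArea.authPolicy.buffer[0],
+ &context->policy.policy.policyDigests.digests[context->policy.digest_idx].digest,
+ context->policy.hash_size);
+ }
+
 r = ifapi_get_sessions_async(context,
 IFAPI_SESSION_GENEK | IFAPI_SESSION1,
 TPMA_SESSION_ENCRYPT | TPMA_SESSION_DECRYPT, 0);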
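Review bot: The out-of-memory path after `calloc` in the new `KEY_CREATE_PRIMARY_CALCULATE_POLICY` case leaves through `return_if_null`, while the `ifapi_calculate_tree` failure a few lines above goes to `error_cleanup`; a failed allocation would therefore skip whatever that label releases, presumably including the policy tree just computed into `context->policy.policy`. Routing it to the same label, e.g. `goto_if_null2(object->policy, "Out of memory", r, TSS2_FAPI_RC_MEMORY, error_cleanup);`, would keep the two failure paths consistent. Separately, the `memcpy` into `authPolicy.buffer` trusts `context->policy.hash_size` as returned by `ifapi_calculate_tree`; checking it against `sizeof` of that buffer before the copy would make the bound explicit instead of implied by `nameAlg`. The rest of `ifapi_create_primary` and the `error_cleanup` label lie outside the hunk, so what the label actually frees is not visible here.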
--
2.34.3